Tuesday, 15 January 2013

Remote VPN To Netscreen Device - [XAuth with Cisco ACS RADIUS]

NetScreen has implemented XAuth to allow another layer of authentication for a VPN between a remote client and a NetScreen VPN device. This negotiation takes place after the first phase of the IPsec negotiation. You may verify authentication against the NetScreen device's local authentication database, a RADIUS server, SecurID, or an LDAP server. As before, you may use groups to combine the dial-up users, or use individual dial-up users. You cannot use the group function if you are using SecurID or an LDAP server.

To use a Funk RADIUS server to support NetScreen-specific attributes such as admin privileges, user groups, remote L2TP and XAuth IP addresses, and DNS and WINS server address assignments, you must load the Funk dictionary file (netscreen.dct) that defines these attributes onto the RADIUS server. If you are using Cisco ACS RADIUS, load the Cisco dictionary file (NSRadDef2.ini) instead. A dictionary file defines vendor-specific attributes (VSAs) that you can load onto a RADIUS server. After you define values for these VSAs, the NetScreen device can query them when a user logs in. NetScreen VSAs include admin privileges, user groups, remote L2TP and XAuth IP addresses, and DNS and WINS server address assignments.
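The VSAs the dictionary defines travel in the RADIUS Vendor-Specific attribute (type 26). The following is an added example, not code from the original post: it builds and parses that attribute for the NetScreen user-group and DNS/WINS assignments, rejecting malformed lengths rather than guessing. The vendor ID 3224 and the sub-attribute numbers are assumptions taken from the common NetScreen RADIUS dictionary and should be checked against the dictionary file loaded on your server.

```python
# Added example, not code from the original post: build and parse the RADIUS
# Vendor-Specific attribute (type 26, RFC 2865) carrying NetScreen VSAs such as
# the XAuth user group and DNS/WINS assignments. ASSUMPTION: vendor ID 3224 and
# the sub-attribute numbers are from the common NetScreen RADIUS dictionary;
# verify them against the dictionary file (NSRadDef2.ini) loaded on your server.
import struct
import ipaddress

VENDOR_NETSCREEN = 3224
VSA_NAMES = {            # vendor-type -> (attribute name, value kind)
    3: ("NS-User-Group", "str"),
    4: ("NS-Primary-DNS", "ip"),
    5: ("NS-Secondary-DNS", "ip"),
    6: ("NS-Primary-WINS", "ip"),
    7: ("NS-Secondary-WINS", "ip"),
}

def encode_vsa(vendor_type, value):
    """Return one attribute-26 TLV carrying a single NetScreen sub-attribute."""
    kind = VSA_NAMES[vendor_type][1]
    payload = ipaddress.IPv4Address(value).packed if kind == "ip" else value.encode()
    # sub-attribute: Vendor-Type, Vendor-Length (includes these two bytes), data
    sub = struct.pack("!BB", vendor_type, 2 + len(payload)) + payload
    body = struct.pack("!I", VENDOR_NETSCREEN) + sub
    return struct.pack("!BB", 26, 2 + len(body)) + body

def decode_netscreen_vsas(attrs):
    """Walk a RADIUS attribute list; return NetScreen VSAs as {name: value}."""
    out, i = {}, 0
    while i < len(attrs):
        if len(attrs) - i < 2 or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed RADIUS attribute length")  # never guess
        atype, alen = attrs[i], attrs[i + 1]
        if atype == 26 and alen >= 8:
            vendor = struct.unpack("!I", attrs[i + 2:i + 6])[0]
            j = i + 6
            while vendor == VENDOR_NETSCREEN and j + 2 <= i + alen:
                vtype, vlen = attrs[j], attrs[j + 1]
                if vlen < 2 or j + vlen > i + alen:
                    raise ValueError("malformed vendor sub-attribute")
                raw = attrs[j + 2:j + vlen]
                name, kind = VSA_NAMES.get(vtype, (f"NS-Unknown-{vtype}", "str"))
                out[name] = str(ipaddress.IPv4Address(raw)) if kind == "ip" else raw.decode(errors="replace")
                j += vlen
        i += alen
    return out

# Constructed sample of what an Access-Accept for an XAuth user could carry.
SAMPLE_ACCEPT_ATTRS = (encode_vsa(3, "vpn-users") + encode_vsa(4, "10.1.1.53")
                       + encode_vsa(6, "10.1.1.54"))
```

Attributes from other vendors and standard attributes are skipped, so the parser can be run over the full attribute list of a captured Access-Accept to confirm the server returns what the dictionary promises.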

I was facing an issue authenticating Remote VPN on NetScreen through Cisco ACS, and was finally able to work in the right direction after viewing this post https://supportforums.cisco.com/thread/215823
